CompTIA CySA+ CS0-003 Practice Question
While conducting vulnerability assessments, an information security analyst is calculating risk scores to prioritize remediation efforts. Which factor should be MOST heavily weighted to ensure the risk score accurately reflects the urgency of addressing the vulnerability within the organization's specific context?
The percentage of industry peers that have mitigated the vulnerability
The average time it has taken the organization to patch vulnerabilities with similar complexity in the past
The exposure of high-value assets to the vulnerability and the potential business impact
The number of false positives generated in vulnerability scanners for the same category of vulnerabilities
The difficulty level associated with the exploitation of the vulnerability as rated by an external security advisory
The ratio of internal to external systems affected by the vulnerability